Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filterproduct input to file modalproduct_lookups.php.